Configuring Secure Computing Sidewinder
Firewall Analyzer supports Sidewinder G2.
Configuring Sidewinder To Send Audit Data To Firewall Analyzer
- Open
/etc/sidewinder/auditd.conf
- Add the following line at the end of the file, to configure syslog to use the Sidewinder Export Format (SEF):
syslog (local0 filters[“NULL”] sef)
You can use ‘local0’ through ‘local7’ as names for the facility; they are predefined in syslogd.
- Save the configuration and exit the editor.
- Open
/etc/syslog.conf
- Append
local0.* @<server_name> at the end, where facility local0 matches the facility mentioned in step 2 and <server_name> is the name of the machine where Firewall Analyzer is running.
- Save the configuration and exit the editor.
- Look up syslog’s process ID by entering the following command:
pss syslog
- Implement the changes by restarting the syslogd and auditd processes, using the following two commands:
kill -HUP <syslog process ID>
cf server restart auditd
The Sidewinder G2 will now send audit data to Firewall Analyzer.
|